SitePoint Sponsor

User Tag List

Results 1 to 17 of 17
  1. #1
    SitePoint Member
    Join Date
    Jul 2011
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Spaghetti code and redundancy

    Hey, I'm new, so please understand if I put this in the wrong section.

    I did a lot of programing before learning web design, so I'm constantly thinking about reducing redundancy, and making sure it's easy to change the location of something.

    I've run into a problem designing my site. The nav bar is the same on every page, and if I just copy-paste it, making changes to the nav bar (adding new pages, etc.) won't be very easy. I tried php include, but that requires me to pass the path to each different directory as an argument in a function, which still requires me to change every page if I move something that was linked to in the navbar.

    For example:
    In navbar.php
    PHP Code:
    <?php
    function navBar($pathToHome$pathToDir1$pathToDir2) {
       echo 
    "<a href='".$pathToHome."'>Home</a>";
       echo 
    "<a href='".$pathToDir1."'>Dir1</a>";
       echo 
    "<a href='".$pathToDir2."'>Dir2</a>";
       echo 
    "<a href='".$pathToDir2."/myFile.html'>My File</a>";
    }
    ?>
    In /dir1/index.php
    PHP Code:
    <?php
    include('../navBar.php');
    navBar("../""/""../dir2");
    ?>
    I'd like to be able to link to files relative to the site root, so in my included php file, I don't need to put anything in a function. Like so:

    navbar.php
    PHP Code:
    <?php
    echo "<a href=''>Home</a>";
    echo 
    "<a href='dir1'>Dir1</a>";
    echo 
    "<a href='dir2'>Dir2</a>";
    echo 
    "<a href='dir2/myFile.html'>My File</a>";
    ?>
    dir1/index.php
    PHP Code:
    <?php
    include('../navbar.php');
    ?>
    Changing the location of a file would be as easy as changing it in the navbar.php file.


    Is there any way at all that you can think of to accomplish this? I just can't see sites like facebook changing millions (billions?) of pages just because they moved a file.

    Sorry if I haven't been clear, feel free to ask for clarification, and thanks in advance.

  2. #2
    Resident curmudgeon bronze trophy gary.turner's Avatar
    Join Date
    Jan 2009
    Location
    Dallas
    Posts
    990
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Site root is "/". Then add the full path.

    cheers,

    gary
    Anyone can build a usable website. It takes a graphic
    designer to make it slow, confusing, and painful to use.

    Simple minded html & css demos and tutorials

  3. #3
    SitePoint Wizard bronze trophy C. Ankerstjerne's Avatar
    Join Date
    Jan 2004
    Location
    The Kingdom of Denmark
    Posts
    2,702
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    One thing to consider: Users will make bookmarks to those files, and while re-structuring your site once every few years probably can't be avoided if you're a successful start-up, you should make sure that at least your main directories doesn't change their names. Also, using upper-case letters should be avoided in URLs.

    In addition to Gary's advise, here's a couple of tips:
    1. If the included file will only contain HTML, you should not make it a PHP function, unless there's a security reason why the file shouldn't work as a stand-alone file. Keeping the file as PHP will increase processing time, as PHP will have to process all the commands.
    2. Menus are usually marked up as an unordered list.

    In other words, this would ideally be your navbar.php (or .html):
    Code html4strict:
    <ul id="menu">
     <li><a href="/">Home</a></li>
     <li><a href="/dir1">Dir1</a></li>
     <li><a href="/dir2">Dir2</a></li>
     <li><a href="/dir2/myfile.html">Dir3</a></li>
    </ul>
    Christian Ankerstjerne
    <p<strong<abbr/HTML/ 4 teh win</>
    <>In Soviet Russia, website codes you!

  4. #4
    SitePoint Member
    Join Date
    Jul 2011
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Wow... I was kinda thinking it would be more complicated than that... thanks gary.

    Thanks for the tips, erm... "C". My navbar is already an unordered list (the code I provided was created purely for clarification), but I forgot that making a fuction puts more of a load on the server.

  5. #5
    Resident curmudgeon bronze trophy gary.turner's Avatar
    Join Date
    Jan 2009
    Location
    Dallas
    Posts
    990
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I usually use ".inc" as the suffix. For example, main-nav.inc. The server and the client don't care, and it is easier to see the file name and know what it is.

    You need not use the .php suffix on the included file, since the 'mother file' tells the server how to deal with it. The included file is not treated as a separate entity; it is at heart a simple copy/paste job.

    The same parameters apply if you're using Server Side Includes (SSI), an integral server function.

    cheers,

    gary
    Anyone can build a usable website. It takes a graphic
    designer to make it slow, confusing, and painful to use.

    Simple minded html & css demos and tutorials

  6. #6
    Community Advisor silver trophybronze trophy
    dresden_phoenix's Avatar
    Join Date
    Jun 2008
    Location
    Madison, WI
    Posts
    2,813
    Mentioned
    34 Post(s)
    Tagged
    2 Thread(s)
    the simple solution was already mentioned, but it I need to say there is also another easy PHP trick for this.

    $_server['PHP_SELF'] would give you the url of your current document, removing all characters after the last"/" gives you the current directory of the file so you can move up and down your directory structure using that as a guide point.

    Ultimately, you cant create a good program,m if you haven just simply created a good structure.. if you expect to be creating folders willy-nillyandnot using some sort of tracking .. there will be no pattern to create good code from.

  7. #7
    Non-Member bronze trophy
    Join Date
    Nov 2009
    Location
    Keene, NH
    Posts
    3,760
    Mentioned
    23 Post(s)
    Tagged
    0 Thread(s)
    What d_p suggested using $_server is my preferred method, because quite often I can't guarantee server root (much less local root during testing) is going to be the root of my program.

    Though I also tend to keep all user page requests to that root directory -- to me wasting an entire subdirectory on individual pages or even grouping pages -- ESPECIALLY when you can leverage PHP to load the sub-sections seems a bad idea...

    Especially when you can force all page requests to a single index.php -- then have index.php figure out what to show for content.

    One big tip -- if you use single quotes instead of doubles, you wouldn't have to open and close echo like crazy and you could have nice neat formatted output.

    Code:
    echo '
     <ul id="menu">
      <li><a href="/">Home</a></li>
      <li><a href="/dir1">Dir1</a></li>
      <li><a href="/dir2">Dir2</a></li>
      <li><a href="/dir2/myfile.html">Dir3</a></li>
     </ul>';
    Then you only have to escape single quotes, which should occur a lot less frequently. Double quotes take longer to parse, longer to execute, result in more function calls, and in general should be reserved for the handful of cases where they make sense... Which is to say 1% of the time.

    NEVER understood why so many PHP devs make their lives so much harder by using double quotes on everything -- is there some common book or resource teaching this bad behavior or something?

  8. #8
    SitePoint Member
    Join Date
    Jul 2011
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by deathshadow60 View Post
    NEVER understood why so many PHP devs make their lives so much harder by using double quotes on everything -- is there some common book or resource teaching this bad behavior or something?
    Thanks for the tip.

    I think it's just because double quotes are natural to everyone who learned to write english (or another language using double quotes) before they learned to write php.

  9. #9
    Non-Member bronze trophy
    Join Date
    Nov 2009
    Location
    Keene, NH
    Posts
    3,760
    Mentioned
    23 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by krydro View Post
    Thanks for the tip.

    I think it's just because double quotes are natural to everyone who learned to write english (or another language using double quotes) before they learned to write php.
    Hmm... maybe my learning pascal/modula thirty years ago skewed my view? (those only let you use single quotes for strings)

  10. #10
    SitePoint Wizard bronze trophy C. Ankerstjerne's Avatar
    Join Date
    Jan 2004
    Location
    The Kingdom of Denmark
    Posts
    2,702
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    I'm guessing it's because a lot of PHP developers originally started writing HTML, where double-quotes are standard.
    Christian Ankerstjerne
    <p<strong<abbr/HTML/ 4 teh win</>
    <>In Soviet Russia, website codes you!

  11. #11
    SitePoint Wizard silver trophybronze trophy Stormrider's Avatar
    Join Date
    Sep 2006
    Location
    Nottingham, UK
    Posts
    3,133
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by gary.turner View Post
    I usually use ".inc" as the suffix.
    Careful of the security considerations here - if someone accessed the URL directly, and it contains important config information (eg database user/pass), anyone will be able to read it easily. If it ends in php, the config settings will be parsed and hidden.

    Quote Originally Posted by deathshadow60 View Post
    NEVER understood why so many PHP devs make their lives so much harder by using double quotes on everything -- is there some common book or resource teaching this bad behavior or something?
    I'm amazed people USE echo as much as they do. The only time it appears in any of my applications is in the template class:

    PHP Code:
    echo $this->returnOutput(); 
    As for the original question - I NEVER assume that the site is going to live in the document root of the server (for one, I develop everything locally in a subfolder - eg http://dev/projectname/httpdocs/). Imagine if, say, PHPBB did that, and how many of their users put the application in /forum/. It would all break!

    I use
    HTML Code:
    <base href="http://dev/projectname/httpdocs/">
    and relative URLs for all my links - ie, make sure they don't start with /.

    The value of the base href attribute is set from a config file in my application framework.

  12. #12
    Resident curmudgeon bronze trophy gary.turner's Avatar
    Join Date
    Jan 2009
    Location
    Dallas
    Posts
    990
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Stormrider View Post
    Careful of the security considerations here - if someone accessed the URL directly, and it contains important config information (eg database user/pass), anyone will be able to read it easily. If it ends in php, the config settings will be parsed and hidden.<snip>
    Why wouldn't you simply disallow viewing *.inc files? I.e.
    Code:
    <Files ~ "\.(inc) $">
      Order allow,deny
      Deny from all
    </Files>
    A similar rule prevents viewing .htaccess and .htpasswd files
    Code:
    <Files ~ "^\.ht">
      Order allow,deny
      Deny from all
    </Files>
    Besides, that info belongs in a directory accessible only to the mid-tier logic, one not in the server root tree.

    cheers,

    gary
    Anyone can build a usable website. It takes a graphic
    designer to make it slow, confusing, and painful to use.

    Simple minded html & css demos and tutorials

  13. #13
    SitePoint Wizard silver trophybronze trophy Stormrider's Avatar
    Join Date
    Sep 2006
    Location
    Nottingham, UK
    Posts
    3,133
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by gary.turner View Post
    Why wouldn't you simply disallow viewing *.inc files? I.e.
    Code:
    <Files ~ "\.(inc) $">
      Order allow,deny
      Deny from all
    </Files>
    A similar rule prevents viewing .htaccess and .htpasswd files
    Code:
    <Files ~ "^\.ht">
      Order allow,deny
      Deny from all
    </Files>
    Besides, that info belongs in a directory accessible only to the mid-tier logic, one not in the server root tree.

    cheers,

    gary
    Indeed, but if, with a separate exploit, someone was able to upload a replacement .htaccess (entirely possible with some file upload bugs), you are stuffed. Keeping outside the document root is much better, but you do see people who don't do that, or some shared hosting packages which don't allow you to do that, all sorts.

    Having said all that, my config files are actually .xml files, but kept outside the document root obviously.

  14. #14
    Community Advisor silver trophybronze trophy
    dresden_phoenix's Avatar
    Join Date
    Jun 2008
    Location
    Madison, WI
    Posts
    2,813
    Mentioned
    34 Post(s)
    Tagged
    2 Thread(s)
    I think it's just because double quotes are natural to everyone who learned to write english (or another language using double quotes) before they learned to write php.
    This would be bad reasoning. PHP is not human language...

    there is only one good reason for the double quotes, and that is to be able to include variable output.

    Code:
    echo "<p>hello my name is $name. I will be your $server";
    and this is just if it bugs you to see it coded this way:
    Code:
    echo "<p>hello my name is ",$name," I will be your", $server;

  15. #15
    Resident curmudgeon bronze trophy gary.turner's Avatar
    Join Date
    Jan 2009
    Location
    Dallas
    Posts
    990
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Stormrider View Post
    Indeed, but if, with a separate exploit, someone was able to upload a replacement .htaccess (entirely possible with some file upload bugs), you are stuffed.
    That's another issue entirely. If someone were able to upload to your site, all files in the doc root tree are vulnerable. If they can access that much, your entire /~* tree may be at risk.

    Keeping outside the document root is much better, but you do see people who don't do that,
    If they won't do one trivial security measure, you expect them to do another?

    or some shared hosting packages which don't allow you to do that, all sorts.
    Why would you rent a house without doors?

    I am not arguing that you're wrong, only that include files need only basic security; after all, they're going to be pasted into your document for the world to see. You bring up password and configuration files, which are different beasts from include files. They do need a higher level of security, and they need to be invisible to the http server. Intrusion hacks are a completely different issue and need a different solution.

    cheers,

    gary
    Anyone can build a usable website. It takes a graphic
    designer to make it slow, confusing, and painful to use.

    Simple minded html & css demos and tutorials

  16. #16
    SitePoint Wizard silver trophybronze trophy Stormrider's Avatar
    Join Date
    Sep 2006
    Location
    Nottingham, UK
    Posts
    3,133
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by gary.turner View Post
    That's another issue entirely. If someone were able to upload to your site, all files in the doc root tree are vulnerable. If they can access that much, your entire /~* tree may be at risk.
    Indeed, but if they can overwrite your .htaccess and look inside the right php include/config file, your database is also gone!

  17. #17
    Non-Member bronze trophy
    Join Date
    Nov 2009
    Location
    Keene, NH
    Posts
    3,760
    Mentioned
    23 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by dresden_phoenix View Post
    and this is just if it bugs you to see it coded this way:
    Code:
    echo "<p>hello my name is ",$name," I will be your", $server;
    At which point no reason to use double quotes -- since they're also SLOWER.

    But then, I've always hated printf/double quote parsing/etc... It always seemed too... sloppy.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •